From 41302398e933b6d3943ff1bbef2b0a4dc6f8fb29 Mon Sep 17 00:00:00 2001
From: Matthias <matthias.mair@oewf.org>
Date: Sat, 11 Dec 2021 23:07:37 +0100
Subject: [PATCH] managment and invoke commands to remove mfa

---
 .../management/commands/remove_mfa.py         | 36 +++++++++++++++++++
 tasks.py                                      | 12 +++++++
 2 files changed, 48 insertions(+)
 create mode 100644 InvenTree/InvenTree/management/commands/remove_mfa.py

diff --git a/InvenTree/InvenTree/management/commands/remove_mfa.py b/InvenTree/InvenTree/management/commands/remove_mfa.py
new file mode 100644
index 0000000000..8c84920cc3
--- /dev/null
+++ b/InvenTree/InvenTree/management/commands/remove_mfa.py
@@ -0,0 +1,36 @@
+"""
+Custom management command to remove MFA for a user
+"""
+
+from django.core.management.base import BaseCommand
+from django.contrib.auth import get_user_model
+
+
+class Command(BaseCommand):
+    """
+    Remove MFA for a user
+    """
+
+    def add_arguments(self, parser):
+        parser.add_argument('mail', type=str)
+
+    def handle(self, *args, **kwargs):
+
+        # general settings
+        mail = kwargs.get('mail')
+        if not mail:
+            raise KeyError('A mail is required')
+        user = get_user_model()
+        mfa_user = [*set(user.objects.filter(email=mail) | user.objects.filter(emailaddress__email=mail))]
+
+        if len(mfa_user) == 0:
+            print('No user with this mail associated')
+        elif len(mfa_user) > 1:
+            print('More than one user found with this mail')
+        else:
+            # and clean out all MFA methods
+            # backup codes
+            mfa_user[0].staticdevice_set.all().delete()
+            # TOTP tokens
+            mfa_user[0].totpdevice_set.all().delete()
+            print(f'Removed all MFA methods for user {str(mfa_user[0])}')
diff --git a/tasks.py b/tasks.py
index 7408bb40b5..4d5d7ff6c8 100644
--- a/tasks.py
+++ b/tasks.py
@@ -154,6 +154,18 @@ def clean_settings(c):
     manage(c, "clean_settings")
 
 
+@task(help={'mail': 'mail of the user whos MFA should be disabled'})
+def remove_mfa(c, mail=''):
+    """
+    Remove MFA for a user
+    """
+
+    if not mail:
+        print('You must provide a users mail')
+
+    manage(c, f"remove_mfa {mail}")
+
+
 @task(post=[rebuild_models, rebuild_thumbnails])
 def migrate(c):
     """